CVE-2018-20159
HIGH
i-doit 1.11.2 - Authenticated Remote Code Execution via Plugin ZIP Upload
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-20159. PoCs published by AkkuS.
AI-analyzed exploit summary
This exploit leverages an authenticated file upload vulnerability in i-doit CMDB 1.11.2, allowing an administrator to upload a malicious ZIP file containing a PHP shell. The ZIP file is extracted to the web root, enabling remote code execution.
Description
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
Scores
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H